US20030223417A1 - Method of processing data packets - Google Patents

Method of processing data packets Download PDF

Info

Publication number
US20030223417A1
US20030223417A1 US10/163,121 US16312102A US2003223417A1 US 20030223417 A1 US20030223417 A1 US 20030223417A1 US 16312102 A US16312102 A US 16312102A US 2003223417 A1 US2003223417 A1 US 2003223417A1
Authority
US
United States
Prior art keywords
packet
fields
check
processing
check value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/163,121
Inventor
Masashi Higashida
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NXP USA Inc
Original Assignee
Motorola Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Motorola Inc filed Critical Motorola Inc
Priority to US10/163,121 priority Critical patent/US20030223417A1/en
Assigned to MOTOROLA, INC. reassignment MOTOROLA, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HIGASHIDA, MASASHI
Publication of US20030223417A1 publication Critical patent/US20030223417A1/en
Assigned to FREESCALE SEMICONDUCTOR, INC. reassignment FREESCALE SEMICONDUCTOR, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MOTOROLA, INC
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • H04L45/745Address table lookup; Address filtering

Definitions

  • the present invention relates generally to a method of comparing large fields of data and, more particularly, to a method of comparing packet data to sequential access control list entries.
  • Access control lists are commonly used to filter packets in routers.
  • ACLs were processed with software, with specific fields in an IP packet being compared to ACL entries sequentially. This approach is computationally expensive because of the byte-by-byte comparisons performed by software, resulting in many clock cycles per entry.
  • Some hardware approaches have been adopted.
  • One such hardware approach to accelerate the comparisons uses CAM hardware, which achieves speeds of few cycles per ACL entry.
  • FIG. 1 is a schematic block diagram showing an implementation of sequential software ACL processing or hardware CAM based ACL processing.
  • the ACL entries include packet field criteria for capturing specific packets or flows.
  • the entries contain a mask, which indicates which fields are to be used for comparison, and which fields are to be ignored (“don't care”).
  • predetermined packet fields are extracted from the packet.
  • the packet fields and an entry mask (entry[n] mask) are input to a mask block 10 to eliminate the “don't' care” fields.
  • the masked packet fields output from the mask block 10 are compared with the entry's fields (entry[n] fields) with a comparator 12 to determine if there is a match. If the current entry does not match, then the next entry in the ACL is scanned in the same manner.
  • a permit or deny decision or other decision
  • FIG. 2 shows the sequential flow of the explicit field comparison approach to ACL processing of FIG. 1.
  • the arrows indicate the comparisons required.
  • the sequential approach is tedious.
  • the CAM approach is much more efficient because each entry (line) is compared immediately.
  • the number and width of fields is constrained by the hardware. That is, it is not possible to expand the number of fields for filtering criteria. Such a constraint limits a router or switch's ability to differentiate diverse QoS or security requirements in today's networks.
  • FIG. 1 is a schematic block diagram illustrating conventional sequential software ACL processing or hardware CAM based processing
  • FIG. 2 is a sequence of packet and ACL entry field comparisons for conventional, sequential software ACL processing
  • FIG. 3 is a schematic block diagram illustrating a simple digest (CRC) comparison approach to ACL processing in accordance with a first embodiment of the present invention
  • FIG. 4 is sequence diagram illustrating a sequence of CRC calculations for the simple digest comparison approach of FIG. 3;
  • FIG. 5 is a schematic block diagram of a digest generation and comparison approach to ACL processing in accordance with a second embodiment of the present invention
  • FIG. 6 is a timing diagram of some relationships having a linear combination of CRC components
  • FIG. 7 is a sequence diagram showing the sequence of CRC calculations for the digest generation and comparison approach of FIG. 5;
  • FIG. 8 is a sequence diagram of a projection error from two different viewpoints.
  • the present invention provides an efficient method of ACL processing that solves the fixed-width problem faced by conventional CAM hardware ACL processors, while maintaining comparable efficiency.
  • the present invention is based on two properties of message digests, when the “message” is packet fields or ACL entry fields, and the digest calculation algorithm is a linear feedback shift register (LFSR), such as cyclic redundancy check (CRC) or a hash function.
  • LFSR linear feedback shift register
  • CRC cyclic redundancy check
  • hash function a hash function
  • the first property is that a necessary condition for messages, such as entry fields and packet fields, to be equal is their corresponding digests are equal. If two messages are equal, then their digests (CRCs) are equal. If two digests are not equal, then their messages are not equal. If two digests are equal, there is some probability of a collision where two unequal messages yield equal digests. This is true regardless of the length of the message, as long as the compared messages are the same length.
  • the present invention uses this first property to resolve the fixed-width problem faced by CAM based ACL processors.
  • a long message packets filtered on many or large fields exceeding the bit width of existing CAM hardware
  • the first property is also used to defer the computationally costly full-field comparison (bit-level) until there is a matching digest. Thus, unnecessary bit-level field comparisons are eliminated.
  • One drawback of the first property, addressed below, is that repeated digest (CRC) calculations can be computationally costly.
  • the second property is that if the calculation algorithm for a message digest is LFSR (e.g., CRC), then the digest can be decomposed into linearly re-combinable components.
  • LFSR e.g., CRC
  • the present invention decomposes the entire message digest into multiple re-usable sub-calculations, termed CRC components or digests below.
  • CRC components or digests By calculating these components before comparing the packet fields to the ACL entries, the components can be linearly combined by XOR to derive the digest or CRC value efficiently. This linear combination, by XOR, replaces the costly traditional process of fetching words, masking them, and recalculating their digest or CRC for each ACL entry. Furthermore, the XOR calculation used by the present invention is easily implemented.
  • FIG. 3 a block diagram that resolves the fixed-width problem described above is shown.
  • Digests CRC
  • CRC Digests
  • the mask block 20 may be a simple logic gate, such as an AND gate, as will be understood by those of skill in the art.
  • the masked output from the mask block 20 is input to a digest calculation block 22 , which calculates a digest, such as a CRC.
  • Such digest calculation blocks are known and so a detailed description is not necessary for a complete understanding of the invention.
  • the calculated digest output by the digest calculation block 22 is then compared with the provided digest for the entry at a first comparator 24 . If the calculated digest does not match the provided digest, then the next, n+ 1 entry is retrieved and similar processing occurs. If the calculated digest output from the digest calculation block 22 matches the provided digest, as determined by the first comparator 24 , then the output from the comparator 24 is used to enable a full field comparison block 26 .
  • the full-field comparison block 26 includes a second mask block 28 and a second comparator 30 for performing a full-field comparison like the prior art method of FIG. 1.
  • first and second mask blocks 20 , 28 perform the same function and thus, although two mask blocks are shown, the output from the first mask block 20 could be buffered and input to the second comparator 30 .
  • FIG. 4 shows the sequence followed by the approach shown in FIG. 3.
  • the digest representation removes the bit-width constraint of prior art hardware approaches. That is, a representation of long or many packet fields by a “fingerprint” digest (CRC) is used to defer explicit full-field comparisons. Then, full-field comparisons are performed only if there is a digest match. This saves unnecessary comparisons from being performed. However, the costs of CRC calculation and re-calculating the digest for every entry are significant.
  • CRC fingerprint
  • FIG. 5 a schematic block diagram of a processor 50 for filtering packet fields in accordance with a second embodiment of the present invention is shown.
  • the processor 50 is just one implementation of an efficient digest generation and comparison method. It will be understood that the processor 50 may be a programmed microprocessor or special hardware, such as a PLA or ASIC.
  • the processor 50 includes a first logic block 52 that receives a packet and calculates a list of combinable CRC components thereof. That is, the block 52 decomposes the packet digest into re-combinable components.
  • the calculated CRC components include a CRC of various packet fields, such as version, class, flow label, length, next header, hop limit, source address, destination address, source port, destination port, and any other fields.
  • the calculated CRC components are combined by a selector 54 , as necessary, to create a digest. More particularly, the selected CRC components are provided to an XOR block 56 , which combines the components to efficiently mask out selected packet fields from the digest. That is, the XOR block 56 replaces the mask block 20 used in the first embodiment.
  • the packet digest output by the XOR block 56 is then compared to the entry digest (entry[n]CRC) with a first comparator 58 . If there is a match, as determined by the first comparator 58 , then a full field comparison is performed at the block 60 .
  • the block 60 may be the same as the prior art comparison logic shown in FIG. 1.
  • the block 60 includes a mask block 62 and a second comparator 64 and compares the packet field bits to the entry field bits to check for a match. Since this procedure is cycle costly, it is only performed if there is a digest match.
  • the processor includes an XOR gate 66 to generate a selector enable signal provided to the selector 54 .
  • This allows that for each entry “n”, the changing fields compared to entry “n-1” ( ⁇ mask) are used to efficiently “update” the digest calculation.
  • the LFSR property of the digest (CRC) makes this feasible.
  • CRC LFSR property of the digest
  • FIG. 3 only when digests match is an explicit field comparison performed.
  • the pre-calculation cost, performed by the logic block 52 can be amortized over the number of entries the packet will be compared with, resulting in significant efficiency gains, while maintaining flexibility with large or many entry fields.
  • FIG. 6 shows some examples of the packet fields for which separate CRC components are calculated and combined to generate the packet digest (CRC).
  • FIG. 7 shows the sequence of processing, that is, performing CRC calculations of selected packet fields.
  • FIG. 8 shows the sequence of separately calculating CRC values of the selected packet fields and how the separate CRC values are combined using an XOR function.
  • the present invention is suitable for filtering packets for router products and is preferably implemented with microcode that performs the proposed calculations.
  • inventive concepts described herein may be applied to other applications and may be implemented with specialized hardware, software, or combinations thereof. Further, changes could be made to the embodiments described above without departing from the broad inventive concept thereof. It is understood, therefore, that this invention is not limited to the particular embodiments disclosed, but it is intended to cover modifications within the spirit and scope of the present invention as defined by the appended claims.

Abstract

A method of processing data packets having multiple fields by a router includes the steps of receiving a packet; calculating separate check values for each of the packet fields; combining the separately calculated check values; masking the combined check values with a predetermined packet check value; and then comparing the masked, calculated check value with an Access Control List (ACL) entry check value. Only if the calculated check value matches the ACL entry check value is the packet data compared with corresponding fields from the corresponding ACL entry.

Description

    BACKGROUND OF THE INVENTION
  • The present invention relates generally to a method of comparing large fields of data and, more particularly, to a method of comparing packet data to sequential access control list entries. [0001]
  • Access control lists (ACL) are commonly used to filter packets in routers. Traditionally, ACLs were processed with software, with specific fields in an IP packet being compared to ACL entries sequentially. This approach is computationally expensive because of the byte-by-byte comparisons performed by software, resulting in many clock cycles per entry. With increasing demands on high-speed routers, some hardware approaches have been adopted. One such hardware approach to accelerate the comparisons uses CAM hardware, which achieves speeds of few cycles per ACL entry. [0002]
  • FIG. 1 is a schematic block diagram showing an implementation of sequential software ACL processing or hardware CAM based ACL processing. The ACL entries include packet field criteria for capturing specific packets or flows. The entries contain a mask, which indicates which fields are to be used for comparison, and which fields are to be ignored (“don't care”). When a packet arrives from the network, predetermined packet fields are extracted from the packet. The packet fields and an entry mask (entry[n] mask) are input to a [0003] mask block 10 to eliminate the “don't' care” fields. Then, the masked packet fields output from the mask block 10 are compared with the entry's fields (entry[n] fields) with a comparator 12 to determine if there is a match. If the current entry does not match, then the next entry in the ACL is scanned in the same manner. Finally, when all unmasked fields match between the packet and the ACL entry, a permit or deny decision (or other decision) is assigned to the packet for appropriate processing.
  • FIG. 2 shows the sequential flow of the explicit field comparison approach to ACL processing of FIG. 1. The arrows indicate the comparisons required. As is apparent, the sequential approach is tedious. The CAM approach is much more efficient because each entry (line) is compared immediately. However, the number and width of fields is constrained by the hardware. That is, it is not possible to expand the number of fields for filtering criteria. Such a constraint limits a router or switch's ability to differentiate diverse QoS or security requirements in today's networks. [0004]
  • With the advent of [0005] IP version 6 and new multimedia services, the traditional software and even some hardware implementations are faced with performance and size limitations arising from the number and width of fields required for comparisons. The software implementations are challenged with increased data comparisons, while high speed CAM hardware based implementations are challenged by the large 128 bit IP addresses, intermediate headers, and diverse upper layer filtering criteria because of their fixed bit widths. In order to enable packet filtering that differentiates the larger IP addresses as well as diverse upper layer fields efficiently, a method of comparing packet data to sequential ACL entries needs to compare large data widths, and yet achieve high performance.
  • It would be beneficial to be able to filter variable width packet data quickly and efficiently. [0006]
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The foregoing summary, as well as the following detailed description of preferred embodiments of the invention, will be better understood when read in conjunction with the appended drawings. For the purpose of illustrating the invention, there is shown in the drawings embodiments that are presently preferred. It should be understood, however, that the invention is not limited to the precise arrangements and instrumentalities shown. In the drawings: [0007]
  • FIG. 1 is a schematic block diagram illustrating conventional sequential software ACL processing or hardware CAM based processing; [0008]
  • FIG. 2 is a sequence of packet and ACL entry field comparisons for conventional, sequential software ACL processing; [0009]
  • FIG. 3 is a schematic block diagram illustrating a simple digest (CRC) comparison approach to ACL processing in accordance with a first embodiment of the present invention; [0010]
  • FIG. 4 is sequence diagram illustrating a sequence of CRC calculations for the simple digest comparison approach of FIG. 3; [0011]
  • FIG. 5 is a schematic block diagram of a digest generation and comparison approach to ACL processing in accordance with a second embodiment of the present invention; [0012]
  • FIG. 6 is a timing diagram of some relationships having a linear combination of CRC components; [0013]
  • FIG. 7 is a sequence diagram showing the sequence of CRC calculations for the digest generation and comparison approach of FIG. 5; and [0014]
  • FIG. 8 is a sequence diagram of a projection error from two different viewpoints.[0015]
  • DETAILED DESCRIPTION OF THE INVENTION
  • In the drawings, like numerals are used to indicate like elements throughout. [0016]
  • The present invention provides an efficient method of ACL processing that solves the fixed-width problem faced by conventional CAM hardware ACL processors, while maintaining comparable efficiency. The present invention is based on two properties of message digests, when the “message” is packet fields or ACL entry fields, and the digest calculation algorithm is a linear feedback shift register (LFSR), such as cyclic redundancy check (CRC) or a hash function. [0017]
  • The first property is that a necessary condition for messages, such as entry fields and packet fields, to be equal is their corresponding digests are equal. If two messages are equal, then their digests (CRCs) are equal. If two digests are not equal, then their messages are not equal. If two digests are equal, there is some probability of a collision where two unequal messages yield equal digests. This is true regardless of the length of the message, as long as the compared messages are the same length. [0018]
  • The present invention uses this first property to resolve the fixed-width problem faced by CAM based ACL processors. A long message (packets filtered on many or large fields exceeding the bit width of existing CAM hardware) can be represented by a narrow bit-width digest “fingerprint”. Only when the packet digest and ACL entry digest are equal, is it possible for the actual packets to match the ACL entry. The first property is also used to defer the computationally costly full-field comparison (bit-level) until there is a matching digest. Thus, unnecessary bit-level field comparisons are eliminated. One drawback of the first property, addressed below, is that repeated digest (CRC) calculations can be computationally costly. [0019]
  • The second property is that if the calculation algorithm for a message digest is LFSR (e.g., CRC), then the digest can be decomposed into linearly re-combinable components. [0020]
  • In accordance with the second property, the present invention decomposes the entire message digest into multiple re-usable sub-calculations, termed CRC components or digests below. By calculating these components before comparing the packet fields to the ACL entries, the components can be linearly combined by XOR to derive the digest or CRC value efficiently. This linear combination, by XOR, replaces the costly traditional process of fetching words, masking them, and recalculating their digest or CRC for each ACL entry. Furthermore, the XOR calculation used by the present invention is easily implemented. [0021]
  • The fixed width problem faced by CAM based ACL processors is resolved by substituting potentially long and many packet and entry fields with a fixed-width message digest. Although the present invention is described herein as using cyclic redundancy check (CRC), it is understood that the digest calculation can be any LFSR algorithm. [0022]
  • Referring now to FIG. 3, a block diagram that resolves the fixed-width problem described above is shown. Digests (CRC) are pre-calculated and stored with the ACL entry. When a packet arrives, it is masked according to the entry[n]mask with a [0023] mask block 20. The mask block 20 may be a simple logic gate, such as an AND gate, as will be understood by those of skill in the art. The masked output from the mask block 20 is input to a digest calculation block 22, which calculates a digest, such as a CRC. Such digest calculation blocks are known and so a detailed description is not necessary for a complete understanding of the invention. The calculated digest output by the digest calculation block 22 is then compared with the provided digest for the entry at a first comparator 24. If the calculated digest does not match the provided digest, then the next, n+1 entry is retrieved and similar processing occurs. If the calculated digest output from the digest calculation block 22 matches the provided digest, as determined by the first comparator 24, then the output from the comparator 24 is used to enable a full field comparison block 26. The full-field comparison block 26 includes a second mask block 28 and a second comparator 30 for performing a full-field comparison like the prior art method of FIG. 1.
  • It is noted that the first and second mask blocks [0024] 20, 28 perform the same function and thus, although two mask blocks are shown, the output from the first mask block 20 could be buffered and input to the second comparator 30.
  • FIG. 4 shows the sequence followed by the approach shown in FIG. 3. When compared with FIG. 2, it can be seen that long bit-width field comparisons are replaced with shorter, digest comparisons. The digest representation removes the bit-width constraint of prior art hardware approaches. That is, a representation of long or many packet fields by a “fingerprint” digest (CRC) is used to defer explicit full-field comparisons. Then, full-field comparisons are performed only if there is a digest match. This saves unnecessary comparisons from being performed. However, the costs of CRC calculation and re-calculating the digest for every entry are significant. [0025]
  • Referring now to FIG. 5, a schematic block diagram of a [0026] processor 50 for filtering packet fields in accordance with a second embodiment of the present invention is shown. The processor 50 is just one implementation of an efficient digest generation and comparison method. It will be understood that the processor 50 may be a programmed microprocessor or special hardware, such as a PLA or ASIC. The processor 50 includes a first logic block 52 that receives a packet and calculates a list of combinable CRC components thereof. That is, the block 52 decomposes the packet digest into re-combinable components. The calculated CRC components include a CRC of various packet fields, such as version, class, flow label, length, next header, hop limit, source address, destination address, source port, destination port, and any other fields. The calculated CRC components are combined by a selector 54, as necessary, to create a digest. More particularly, the selected CRC components are provided to an XOR block 56, which combines the components to efficiently mask out selected packet fields from the digest. That is, the XOR block 56 replaces the mask block 20 used in the first embodiment. The packet digest output by the XOR block 56 is then compared to the entry digest (entry[n]CRC) with a first comparator 58. If there is a match, as determined by the first comparator 58, then a full field comparison is performed at the block 60. The block 60 may be the same as the prior art comparison logic shown in FIG. 1. The block 60 includes a mask block 62 and a second comparator 64 and compares the packet field bits to the entry field bits to check for a match. Since this procedure is cycle costly, it is only performed if there is a digest match.
  • The processor includes an [0027] XOR gate 66 to generate a selector enable signal provided to the selector 54. This allows that for each entry “n”, the changing fields compared to entry “n-1” (Δmask) are used to efficiently “update” the digest calculation. The LFSR property of the digest (CRC) makes this feasible. Although other logic elements may be used, a simple XOR eliminates the need for lengthy CRC calculations and requires only a few clock cycles to update the digests for each entry. As in the first embodiment, FIG. 3, only when digests match is an explicit field comparison performed. The pre-calculation cost, performed by the logic block 52, can be amortized over the number of entries the packet will be compared with, resulting in significant efficiency gains, while maintaining flexibility with large or many entry fields.
  • FIG. 6 shows some examples of the packet fields for which separate CRC components are calculated and combined to generate the packet digest (CRC). FIG. 7 shows the sequence of processing, that is, performing CRC calculations of selected packet fields. FIG. 8 shows the sequence of separately calculating CRC values of the selected packet fields and how the separate CRC values are combined using an XOR function. [0028]
  • The present invention is suitable for filtering packets for router products and is preferably implemented with microcode that performs the proposed calculations. However, it will be understood that the inventive concepts described herein may be applied to other applications and may be implemented with specialized hardware, software, or combinations thereof. Further, changes could be made to the embodiments described above without departing from the broad inventive concept thereof. It is understood, therefore, that this invention is not limited to the particular embodiments disclosed, but it is intended to cover modifications within the spirit and scope of the present invention as defined by the appended claims. [0029]

Claims (12)

1. A method of processing a packet, the packet including a plurality of individual fields, comprising the steps of:
extracting one or more predetermined packet fields;
selecting one or more of the extracted predetermined packet fields for a comparison using a mask;
calculating a separate check value for each of the selected packet fields;
combining the calculated separate check values; and
comparing the combined, calculated check values with an Access Control List (ACL) entry check value.
2. The method of processing a packet of claim 1, further comprising the step of:
masking the combined check values with a predetermined packet check value prior to the comparison step, and then comparing the masked value with the ACL entry check value.
3. The method of processing a packet of claim 1, further comprising the step of comparing the selected packet fields with corresponding fields from a corresponding ACL entry when the calculated check value matches the ACL entry check value.
4. The method of processing a packet of claim 1, wherein the calculated check value is a cyclic redundancy check (CRC) value.
5. The method of processing a packet of claim 1, wherein the calculated check value is a hash function.
6. The method of processing a packet of claim 1, wherein the selecting one or more of the extracted predetermined packet fields for a comparison using a mask comprises XORing the combined check values with a check value of the packet.
7. A method of processing a packet comprising the steps of:
receiving a packet, the packet including a plurality of individual fields;
calculating separate check values for each of the packet fields;
combining the separately calculated check values;
masking the combined check values with a predetermined packet check value; and
comparing the masked, calculated check value with an Access Control List (ACL) entry check value.
8. The method of processing a packet of claim 7, wherein the masking step includes XORing the combined check values with a check value of the packet.
9. The method of processing a packet of claim 7, wherein the combining step comprises linearly combining the separately calculated check values.
10. The method of processing a packet of claim 7, further comprising the steps of:
extracting predetermined packet fields for a comparison using a mask; and
comparing the extracted packet fields with corresponding fields from the corresponding ACL entry when the masked, calculated check value matches the ACL entry check value.
11. The method of processing a packet of claim 7, wherein the calculated check values are cyclic redundancy check (CRC) values.
12. The method of processing a packet of claim 7, wherein the calculated check values are hash functions.
US10/163,121 2002-06-04 2002-06-04 Method of processing data packets Abandoned US20030223417A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US10/163,121 US20030223417A1 (en) 2002-06-04 2002-06-04 Method of processing data packets

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/163,121 US20030223417A1 (en) 2002-06-04 2002-06-04 Method of processing data packets

Publications (1)

Publication Number Publication Date
US20030223417A1 true US20030223417A1 (en) 2003-12-04

Family

ID=29583659

Family Applications (1)

Application Number Title Priority Date Filing Date
US10/163,121 Abandoned US20030223417A1 (en) 2002-06-04 2002-06-04 Method of processing data packets

Country Status (1)

Country Link
US (1) US20030223417A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050030903A1 (en) * 2003-08-05 2005-02-10 Djamal Al-Zain Determining a transmission parameter in a transmission system
US20070127457A1 (en) * 2005-12-02 2007-06-07 Cisco Technology, Inc. Method and apparatus to minimize database exchange in OSPF by using a SHA-1 digest value
US20100097984A1 (en) * 2006-07-21 2010-04-22 Sudhir Kumar Baghel Method and system for efficient connection setup procedure for mobile terminated (mt) calls
US20100146624A1 (en) * 2007-08-16 2010-06-10 Bernd Meyer Method and apparatus for protection of a program against monitoring flow manipulation and against incorrect program running
US20100153828A1 (en) * 2008-11-04 2010-06-17 De Lind Van Wijngaarden Adriaan J Method and apparatus for error detection in a communication system
US20100199346A1 (en) * 2009-02-02 2010-08-05 Telcordia Technologies, Inc. System and method for determining symantic equivalence between access control lists
CN108664518A (en) * 2017-03-31 2018-10-16 深圳市中兴微电子技术有限公司 A kind of method and device for realizing processing of tabling look-up
CN111131045A (en) * 2019-12-04 2020-05-08 杭州迪普科技股份有限公司 Message forwarding method and network equipment

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5473607A (en) * 1993-08-09 1995-12-05 Grand Junction Networks, Inc. Packet filtering for data networks
US6021419A (en) * 1997-09-16 2000-02-01 International Business Machines Corporation System for filtering broadcast digital information in accordance with channel identifiers stored in preference list which can be dynamically updated via command through network
US6041058A (en) * 1997-09-11 2000-03-21 3Com Corporation Hardware filtering method and apparatus
US6092110A (en) * 1997-10-23 2000-07-18 At&T Wireless Svcs. Inc. Apparatus for filtering packets using a dedicated processor
US6105027A (en) * 1997-03-10 2000-08-15 Internet Dynamics, Inc. Techniques for eliminating redundant access checking by access filters
US6144662A (en) * 1996-07-09 2000-11-07 International Business Machines Corporation Fast routing and non-blocking switch which accomodates multicasting and variable length packets
US6147976A (en) * 1996-06-24 2000-11-14 Cabletron Systems, Inc. Fast network layer packet filter
US6226523B1 (en) * 1997-12-19 2001-05-01 Telefonaktiebolaget Lm Ericsson (Publ) Internet protocol traffic filter for a mobile radio network
US20010020266A1 (en) * 2000-03-06 2001-09-06 Fujitsu Limited Packet processor
US6289013B1 (en) * 1998-02-09 2001-09-11 Lucent Technologies, Inc. Packet filter method and apparatus employing reduced memory
US6335935B2 (en) * 1998-07-08 2002-01-01 Broadcom Corporation Network switching architecture with fast filtering processor
US6738355B1 (en) * 2000-11-01 2004-05-18 Agilent Technologies, Inc. Synchronization method for multi-probe communications network monitoring

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5473607A (en) * 1993-08-09 1995-12-05 Grand Junction Networks, Inc. Packet filtering for data networks
US6147976A (en) * 1996-06-24 2000-11-14 Cabletron Systems, Inc. Fast network layer packet filter
US6144662A (en) * 1996-07-09 2000-11-07 International Business Machines Corporation Fast routing and non-blocking switch which accomodates multicasting and variable length packets
US6105027A (en) * 1997-03-10 2000-08-15 Internet Dynamics, Inc. Techniques for eliminating redundant access checking by access filters
US6041058A (en) * 1997-09-11 2000-03-21 3Com Corporation Hardware filtering method and apparatus
US6021419A (en) * 1997-09-16 2000-02-01 International Business Machines Corporation System for filtering broadcast digital information in accordance with channel identifiers stored in preference list which can be dynamically updated via command through network
US6092110A (en) * 1997-10-23 2000-07-18 At&T Wireless Svcs. Inc. Apparatus for filtering packets using a dedicated processor
US6226523B1 (en) * 1997-12-19 2001-05-01 Telefonaktiebolaget Lm Ericsson (Publ) Internet protocol traffic filter for a mobile radio network
US6289013B1 (en) * 1998-02-09 2001-09-11 Lucent Technologies, Inc. Packet filter method and apparatus employing reduced memory
US6335935B2 (en) * 1998-07-08 2002-01-01 Broadcom Corporation Network switching architecture with fast filtering processor
US20010020266A1 (en) * 2000-03-06 2001-09-06 Fujitsu Limited Packet processor
US6738355B1 (en) * 2000-11-01 2004-05-18 Agilent Technologies, Inc. Synchronization method for multi-probe communications network monitoring

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7907586B2 (en) * 2003-08-05 2011-03-15 Tektronix, Inc. Determining a transmission parameter in a transmission system
US20050030903A1 (en) * 2003-08-05 2005-02-10 Djamal Al-Zain Determining a transmission parameter in a transmission system
US20070127457A1 (en) * 2005-12-02 2007-06-07 Cisco Technology, Inc. Method and apparatus to minimize database exchange in OSPF by using a SHA-1 digest value
US7664789B2 (en) * 2005-12-02 2010-02-16 Cisco Technology, Inc. Method and apparatus to minimize database exchange in OSPF by using a SHA-1 digest value
US20100097984A1 (en) * 2006-07-21 2010-04-22 Sudhir Kumar Baghel Method and system for efficient connection setup procedure for mobile terminated (mt) calls
US8199703B2 (en) 2006-07-21 2012-06-12 Samsung Electronics Co., Ltd Method and system for efficient connection setup procedure for mobile terminated (MT) calls
US20100146624A1 (en) * 2007-08-16 2010-06-10 Bernd Meyer Method and apparatus for protection of a program against monitoring flow manipulation and against incorrect program running
US8843761B2 (en) * 2007-08-16 2014-09-23 Siemens Aktiengesellschaft Method and apparatus for protection of a program against monitoring flow manipulation and against incorrect program running
US20100153828A1 (en) * 2008-11-04 2010-06-17 De Lind Van Wijngaarden Adriaan J Method and apparatus for error detection in a communication system
US8892983B2 (en) * 2008-11-04 2014-11-18 Alcatel Lucent Method and apparatus for error detection in a communication system
WO2010088600A1 (en) * 2009-02-02 2010-08-05 Telcordia Technologies, Inc. System and method for determining symantic equivalence between access control lists
US20100199346A1 (en) * 2009-02-02 2010-08-05 Telcordia Technologies, Inc. System and method for determining symantic equivalence between access control lists
CN102771074A (en) * 2009-11-04 2012-11-07 阿尔卡特朗讯 Method and apparatus for error detection in a communication system
KR101354288B1 (en) * 2009-11-04 2014-01-23 알까뗄 루슨트 Method and apparatus for error detection in a communication system
CN108664518A (en) * 2017-03-31 2018-10-16 深圳市中兴微电子技术有限公司 A kind of method and device for realizing processing of tabling look-up
CN111131045A (en) * 2019-12-04 2020-05-08 杭州迪普科技股份有限公司 Message forwarding method and network equipment

Similar Documents

Publication Publication Date Title
US6275861B1 (en) Method and apparatus to identify flows in data systems
US6778530B1 (en) Method and apparatus for multiple field matching in network device
US6453358B1 (en) Network switching device with concurrent key lookups
US7023807B2 (en) Network switching device with pipelined search engines
KR101334583B1 (en) Variable-stride stream segmentation and multi-pattern matching
US7535906B2 (en) Packet classification
US7116663B2 (en) Multi-field classification using enhanced masked matching
US20020116527A1 (en) Lookup engine for network devices
US6034958A (en) VP/VC lookup function
Knudsen et al. Truncated differentials of SAFER
US7519070B2 (en) Method and apparatus for deep packet processing
JP4755175B2 (en) Programmable hardware for deep packet filtering
US7191468B2 (en) System and method for multidimensional data compression
US7545809B2 (en) Packet classification
US6959297B2 (en) System and process for searching within a data stream using a pointer matrix and a trap matrix
US20050035784A1 (en) Apparatus and method for large hardware finite state machine with embedded equivalence classes
US20060193159A1 (en) Fast pattern matching using large compressed databases
US7747078B2 (en) Substring detection system and method
KR20050046642A (en) Method and apparatus for managing network traffic using cyclical redundancy check hash functions
US7366910B2 (en) System and method for string filtering
US20030223417A1 (en) Method of processing data packets
Liu et al. An overlay automata approach to regular expression matching
CN112667526B (en) Method and circuit for realizing access control list circuit
US8964748B2 (en) Methods, systems, and computer readable media for performing flow compilation packet processing
US7289502B1 (en) Method and device for routing or compressing packets destination address containing classless address

Legal Events

Date Code Title Description
AS Assignment

Owner name: MOTOROLA, INC., ILLINOIS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HIGASHIDA, MASASHI;REEL/FRAME:012979/0215

Effective date: 20020517

AS Assignment

Owner name: FREESCALE SEMICONDUCTOR, INC., TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MOTOROLA, INC;REEL/FRAME:015360/0718

Effective date: 20040404

Owner name: FREESCALE SEMICONDUCTOR, INC.,TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MOTOROLA, INC;REEL/FRAME:015360/0718

Effective date: 20040404

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION